omniauth-linkedin-oauth2
Unauthorised scope r_liteprofile with linkedin oauth2
I am getting unauthorized_scope_error | Scope "r_liteprofile" is not authorized for your application very sporadically with linkedin oauth-2. This is very weird as there's no r_liteprofile in the linkedin developer's console. It only has basicprofile, r_emailaddress, rw_company_admin and w_share. Is this a pre-known issue? Not getting any footprint online.
Linkedin is pushing the control to https://www.linkedin.com/oauth/v2/authorization?client_id=817pm189a9zxnp&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback&response_type=code&scope=r_basicprofile&state=cea1676704da0832326304c1da6ee80eabc79463da80ac1d which has r_liteprofile while on linkedin console I'm clearly only requesting r_basicprofile.
This is a known issue with LinkedIn. Some OAuth applications there do not yet have the r_liteprofile option enabled. I've no idea why that is, but until it's available for your app the best way to work around this issue is to bundle the pre 1.0.0 version of this gem.
1.0.0 won't work without r_liteprofile checked.
@pjg This is gonna sound really weird but I didn't even have the r_liteprofile checkbox on the linkedin console and despite that it was working, then it started giving me the above errors and it again started working yesterday. This is super confusing.
Interesting. From what I could gather it seems to me like LinkedIn Oauth stuff is quite a mess on their end, so it's not that surprising that you observe such non-deterministic behaviour.
Okay. I'll wait for them (there's no other option right). Should I close the issue now or once it is actually resolved ?
I haven't found a way to contact them :/ I'd leave it open as more ppl are likely to run into it.
Regarding the r_liteprofile scope, we had to re-create a new App on the dev center and use the new settings (id and secret) in our config for it to work properly with the new lib. It seems that older created apps do not have the products as seen in the screenshot below added, and there is no way to add them afterward. Go figure.
I changed SOCIAL_AUTH_LINKEDIN_OAUTH2_SCOPE = ['r_basicprofile', 'r_emailaddress'] to SOCIAL_AUTH_LINKEDIN_OAUTH2_SCOPE = ['r_liteprofile', 'r_emailaddress']. It works in my case.
config.omniauth :linkedin, client_id, secret, :SOCIAL_AUTH_LINKEDIN_OAUTH2_SCOPE => 'r_liteprofile' worked
For anyone struggling with this, one needs to enable on the LinkedIn page "Products" the option "Sign In with LinkedIn".
This will take 5 min for approval by LinkedIn after which the required scope "r_liteprofile" will be added to the "O_Auth 2.0 Scopes" section in LinkedIn. Found the answer on StackOverflow and works like a charm.
The option "Sign In with LinkedIn" on the LinkedIn page "Products" seems to be gone. Only "Sign In with LinkedIn using OpenID Connect" is available in my newly created LI app, which doesn't work for me. Does anyone know where to find it?
I'm having this same issue like right now. still looking for a solution
any ideas on how to solve this? I'm trying to integrate my app with linkedin but sign-in doesn't really seem to be working
Having the same issue here (Sign in with LinkedIn does not work, gives the error "Scope "r_liteprofile" is not authorized for your application". But I don't know where to enable that scope((
Are you using Next.js? I have found a way to do it in my Next.js app inside of the Next auth options
I found a solution to this, in my Next js app. I can access the code when I'm with my laptop
They have deprecated the Sign In with LinkedIn on Aug 1, 2023. Now we only have the Sign In with LinkedIn using OpenID Connect. You should use openid, email and profile instead of the old r_liteprofile and r_emailaddress scopes.
Sign In with LinkedIn docs
Sign In with LinkedIn using OpenID Connect docs
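The scope change described in the comment above can be checked on an authorization URL before it is ever sent to LinkedIn. This Ruby code is an added example, not part of the original thread or of the omniauth-linkedin-oauth2 gem; `audit_authorization_url`, the sample URL and its client id are constructed for illustration, and the two extra checks (a `state` value is present, no `client_secret` in the browser-visible URL) follow the OAuth 2.0 authorization code flow in RFC 6749.

```ruby
require "uri"

# Legacy scope => OpenID Connect scope, as stated in the thread.
LEGACY_TO_OIDC = {
  "r_liteprofile"  => "profile",
  "r_emailaddress" => "email"
}.freeze

# Audits an authorization URL and returns the findings plus the scope
# string to request after the deprecation of the legacy scopes.
def audit_authorization_url(url)
  params = URI.decode_www_form(URI.parse(url).query.to_s).to_h
  requested = params.fetch("scope", "").split(/[\s,]+/).reject(&:empty?)
  findings = []

  legacy = requested & LEGACY_TO_OIDC.keys
  findings << "deprecated scopes: #{legacy.join(', ')}" unless legacy.empty?

  # Swap legacy scopes for their OIDC names; scopes not in the mapping
  # (for example w_member_social) pass through unchanged.
  migrated = requested.map { |s| LEGACY_TO_OIDC.fetch(s, s) }
  migrated.unshift("openid") unless migrated.include?("openid")
  migrated.uniq!

  # state ties the callback to the session that started the flow.
  findings << "missing state parameter" if params["state"].to_s.empty?
  # The client secret belongs only in the server-to-server token request.
  findings << "client_secret present in front-channel URL" if params.key?("client_secret")

  { findings: findings, scope: migrated.join(" ") }
end

# Constructed sample request (placeholder client id, no state on purpose).
SAMPLE_URL = "https://www.linkedin.com/oauth/v2/authorization" \
  "?client_id=EXAMPLE_CLIENT_ID&response_type=code" \
  "&redirect_uri=http%3A%2F%2Flocalhost%3A3000%2Fauth%2Flinkedin%2Fcallback" \
  "&scope=r_liteprofile+r_emailaddress+w_member_social"

if __FILE__ == $PROGRAM_NAME
  result = audit_authorization_url(SAMPLE_URL)
  result[:findings].each { |f| puts "finding: #{f}" }
  puts "request instead: scope=#{result[:scope]}"
end
```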
This worked for me in NextJS: pass in the authorization parameter to override and use the new supported scopes defined with OpenID. It will override the previous default scopes, r_liteprofile and r_emailaddress:

```js
providers: [
  LinkedInProvider({
    clientId: process.env.LINKEDIN_CLIENT_ID,
    clientSecret: process.env.LINKEDIN_CLIENT_SECRET,
    authorization: { params: { scope: "profile email openId" } },
  })
]
```
Solution suggested by @tapiarafael worked for me. Used scope=profile instead of r_liteprofile.
Glad it worked!
Solution suggested by @tapiarafael worked for me too. Thank you!
Good day, Thanks @tapiarafael worked to an extent but I can't still login, I am getting "{'provider': 'linkedin_oauth2', 'code': 'unknown', 'exception': HTTPError('403 Client Error: Forbidden for url: https://api.linkedin.com/v2/me?projection=(id,first-name,last-name,email-address,picture-url,connections)')}". What could be the possible cause. Thank you.
I solved this using the new endpoint userinfo instead of the old me endpoint. I believe that, since we don't have the old scopes, we cannot access the old endpoint anymore.
Check this documentation, there is more info about this new endpoint.
For me, on me or userinfo, both, I am getting the same response: Not enough permissions to access: GET /me and Not enough permissions to access: GET /userinfo
You're getting a status code of 403, meaning you're forbidden to access the data you want to. Errors like this will occur in this scenario when you're not accurately providing your client id and client secret. Maybe there's a typographical error? Or maybe you're not importing it properly from your environmental variables file (.env)? Check that
@AMUZY These routes, https://www.linkedin.com/oauth/v2/authorization and https://www.linkedin.com/oauth/v2/accessToken, are just working fine and I am getting responses from there where it needs client id and client secret.
If I am using inaccurate credentials then these requests should also give status code 403.
The link you're to check is the authorization link that the browser navigates to as soon as you click the Sign In button. Embedded in the link should be something like "clientId=[your client id string value]" and "clientsecret=[your client secret value]", along with other parameters like scope etc. So check this link to see if you get your correct client id value and secret embedded in it.
Thank you very much @tapiarafael for your help. The below code was what I added to the linkedin_oauth2 section of the SOCIALACCOUNT_PROVIDERS inside the settings.py file of my project.

```python
'linkedin_oauth2': {
    'SCOPE': [
        'openid',  # OpenID and Profile scopes
        'email',  # Email scope
        'profile',
        'w_member_social',  # Custom scope (adjust the scope name as needed)
    ],
    'VERIFIED_EMAIL': True,
    'KEY': '*',
    'SECRET': '',
    "access_token": "<redacted>",
    "issuer": "https://www.linkedin.com",
    "authorization_endpoint": "https://www.linkedin.com/oauth/v2/authorization",
    "token_endpoint": "https://www.linkedin.com/oauth/v2/accessToken",
    "userinfo_endpoint": "https://api.linkedin.com/v2/userinfo",
    "jwks_uri": "https://www.linkedin.com/oauth/openid/jwks",
    'PROFILE_FIELDS': [
        'id',
        'first-name',
        'last-name',
        'email-address',
        # 'headline',
        # 'location',
        'picture-url',
        'connections',
        # 'public-profile-url',
    ],
},
```
I don't know if you can help to check if I am not missing something or probably the documentation isn't for python (django). Thank you very much in anticipation, I really appreciate your help.
In the Authorization link, when I sign in from there it redirects to another URL; from there I receive code from linkedin and state, which I am providing during the authorization URL call, embedded in the callback URL.
I am not receiving client_id or client_secret embedded in it.
Oh oh. Are you using Nextjs?
No I am using Postman